snc_internal user able to update an RITM, which he is not a part of.

AbdurRahmanSnow
Giga Guru

Good evening!
We got an issue where a snc_internal user was able to close the ticket, where he was not a part of the ticket's group or anywhere.
When I impersonated him on Service Portal and searched the RITM number, it was coming up, and at the top right, there was a "Cancel" button, which he clicked and the RITM got Incomplete.

How is the RITM coming up for him, and how is the "Cancel" button being shown?


Please help.
@Ankur Bawiskar @Dr Atul G- LNG @Viraj Hudlikar 

 

4 ACCEPTED SOLUTIONS

Viraj Hudlikar
Tera Sage

Hello @AbdurRahmanSnow -

I would suggest checking which ACL is allowing that user, with that role, to read the record you found; it might be that some ACL is allowing users with that role to read it. Try using the Access Analyzer feature.

For the UI Action, check what condition is set for visibility. I suspect that since the user is getting read/write access, he is able to view it and perform the operation on it.

Another thing you can look at is whether there is a change on the snc_internal role: has any additional role been added to it which might be allowing access to the record you showed?

I checked the same on an OOTB PDI, and if a user has only snc_internal, then the user can only view/write tickets raised by him or for him.

 

If my response has helped you hit helpful button and if your concern is solved do mark my response as correct.

 

Thanks & Regards
Viraj Hudlikar.


Ankur Bawiskar
Tera Patron

@AbdurRahmanSnow 

OOTB there is no "Cancel" button on RITM table.

Seems somebody created that as custom.

Check the visibility condition of the Cancel button and that will help you.


 

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader


Hi @AbdurRahmanSnow 

 

Two things:

  1. It looks like this is more of a customer solution issue because, out-of-the-box (OOTB), a user cannot cancel. Due to this customer-specific solution, the wrong roles/visibility have been assigned to the user with the snc_internal role, which is causing issues.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting "Accept as Solution" and "Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************


AbdurRahmanSnow
Giga Guru

Solution:
I have checked thoroughly. It is a customization, and I also impersonated other snc_internal users and checked random RITM records which they are not a part of.
And still, records were coming up.
This means all snc_internal users can see any records, irrespective of whether they are a part of that ticket or not.


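The checks suggested in the answers above (roles added under snc_internal, ACLs that role satisfies, and the visibility condition of the custom "Cancel" UI action), as an added example that is not code from the thread or from ServiceNow. It runs offline over constructed rows shaped like exports of sys_user_role_contains, sys_security_acl and sys_ui_action; the custom role names and the flattened `roles` field are assumptions, and table-hierarchy and field-level ACLs are not modelled.

```javascript
// Constructed sample rows, not data from the instance discussed in the thread.
const roleContains = [
  { role: "snc_internal", contains: "u_catalog_helper" }, // hypothetical custom addition
  { role: "u_catalog_helper", contains: "u_ritm_viewer" }, // hypothetical
  { role: "itil", contains: "snc_internal" }, // containment only flows downward
];
const acls = [
  { name: "sc_req_item", operation: "read", active: true, roles: ["itil"], condition: "", script: "" },
  { name: "sc_req_item", operation: "read", active: true, roles: ["u_ritm_viewer"], condition: "", script: "" },
  { name: "sc_req_item", operation: "write", active: true, roles: ["snc_internal"],
    condition: "opened_by=javascript:gs.getUserID()", script: "" },
  { name: "sc_req_item", operation: "write", active: false, roles: [], condition: "", script: "" },
];
const uiActions = [
  { name: "Cancel", table: "sc_req_item", active: true, roles: [], condition: "" },
  { name: "Reopen", table: "sc_req_item", active: true, roles: ["itil"], condition: "" },
];

// Expand a role into every role it contains, directly or transitively.
function effectiveRoles(start, containsRows) {
  const seen = new Set([start]);
  const queue = [start];
  while (queue.length) {
    const current = queue.shift();
    for (const row of containsRows) {
      if (row.role === current && !seen.has(row.contains)) {
        seen.add(row.contains);
        queue.push(row.contains);
      }
    }
  }
  return seen;
}

// True when the rule needs no role, or needs one the user effectively holds.
const roleMatch = (needed, held) => needed.length === 0 || needed.some((r) => held.has(r));

// Active ACLs and UI actions on `table` that `role` passes with no condition
// or script, i.e. rules that apply to every record, not only the user's own.
function unrestrictedGrants(role, table, containsRows, aclRows, actionRows) {
  const held = effectiveRoles(role, containsRows);
  const open = (r) => r.active && roleMatch(r.roles, held) && !r.condition && !r.script;
  return {
    acls: aclRows.filter((a) => a.name === table && open(a)).map((a) => a.operation),
    uiActions: actionRows.filter((u) => u.table === table && open(u)).map((u) => u.name),
  };
}

console.log(unrestrictedGrants("snc_internal", "sc_req_item", roleContains, acls, uiActions));
```
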